EP3646173B1 - Theft and tamper resistant data protection - Google Patents

Theft and tamper resistant data protection Download PDF

Info

Publication number
EP3646173B1
EP3646173B1 EP18733440.4A EP18733440A EP3646173B1 EP 3646173 B1 EP3646173 B1 EP 3646173B1 EP 18733440 A EP18733440 A EP 18733440A EP 3646173 B1 EP3646173 B1 EP 3646173B1
Authority
EP
European Patent Office
Prior art keywords
key
server
data
cluster
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP18733440.4A
Other languages
German (de)
French (fr)
Other versions
EP3646173A1 (en
Inventor
Scott A. Field
Aravind N. THORAM
John Michael Walton
Dayi Zhou
Alex M. Semenko
Avraham Michael Ben-Menahem
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Publication of EP3646173A1 publication Critical patent/EP3646173A1/en
Application granted granted Critical
Publication of EP3646173B1 publication Critical patent/EP3646173B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/126Interacting with the operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4416Network booting; Remote initial program loading [RIPL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/109Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/40User authentication by quorum, i.e. whereby two or more security principals are required
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • Physical access to an organization's secure areas, equipment, or materials containing sensitive data make it possible for a malicious insider to steal or damage the stored data. For example, a janitor or other building contractor may steal physical disks, other storage devices or even an entire computer system. Further, beyond physical theft and/or mishandling of the storage hardware, an operating system may be implanted with malicious software by unauthorized personnel that have physical access to the storage media. Malicious software could infiltrate or destroy data, or maintain persistent unauthorized access, amongst other problems.
  • a hacker may manipulate the normal behavior of network connections and connected systems.
  • hackers may use scripts or other software to attack computer networks, manipulating data passing through a network connection in ways designed to obtain more information about the target system or obtain access to the data.
  • Patent document US 9 483 655 B2 and "Network Key Protector Unlock Protocol Intellectual Property Rights Notice for Open Specifications Documentation" by Microsoft Corporation form part of the background art.
  • Disclosed embodiments are directed towards systems and methods for improving security of stored data by encrypting data and by maintaining the decryption keys separately from the encrypted data.
  • a user generates a cluster of data using a client system, the cluster of data is encrypted using an encryption key and is also associated with a unique key identifier.
  • the client system sends the unique key identifier and a corresponding decryption key to a server for storage.
  • the client system sends a communication request to the server that has access to a key ID database that stores the decryption key and receives a communication response from the server.
  • the client system then sends the unique key ID to the server.
  • sending the unique key ID may be achieved using a boot manager, such that the client sends a request for boot code and receives the boot code from the server.
  • sending the unique key ID may be achieved by embedding the boot code in the client system's firmware. After sending the unique key identifier to the server, the client system receives the decryption key from the server and decrypts the cluster of encrypted data using the decryption key.
  • the server receives the unique key identifier and the decryption key.
  • the server stores the unique key identifier and the decryption key in the key ID database.
  • the server receives a communication request from a client system and sends a communication response to the client system.
  • the server fetches the unique key ID stored in the cluster of encrypted data that the client system is requesting to access.
  • fetching the unique key ID may be achieved via boot manager, such that the server receives a request for boot code from the client system and initiates a boot manager loading the boot code. Through the boot code, the server obtains the unique key identifier stored in the cluster of encrypted data that the client system is requesting to access.
  • fetching the unique key ID may be achieved via accessing boot code embedded in the firmware of client system.
  • the server After receiving the unique key ID, the server then searches the key ID database for a match. In response to finding a match, the server retrieves the decryption key associated with the key identifier and sends the decryption key to the client system.
  • the client system after the client system encrypts a cluster of data and creates a unique key ID of the clustered encrypted data.
  • the unique key ID may comprise a certificate thumbprint.
  • the decryption key is further encrypted using a public key.
  • a private key is interrelated to the pubic key and is configured to decrypt the encrypted decryption key.
  • the client system stores the encrypted decryption key and the unique key ID in the cluster of encrypted data as metadata, then sends the private key and the unique key ID to a server for storage.
  • the client system sends a communication request to the server and receives a response from the server granting the request.
  • the client system then sends the unique key ID and the encrypted decryption key to the server.
  • the action of sending the unique key ID and the encrypted decryption key to the server is achieved by using a boot manager initiating boot code, such that after receiving boot code from the server, the client sends the unique key ID and the encrypted decryption key to the server. It will be noted, however, that the boot code can be obtained prior to or subsequent to initiating the process for accessing the key.
  • sending the unique key ID may be achieved by embedding the boot code in the client system's firmware. The client system then receives a decrypted decryption key from the server and decrypts the cluster of encrypted data using the decrypted decryption key.
  • the server receives a unique key ID and a private key that is configured for decrypting the encrypted decryption key from the client system.
  • the server stores the private key and the unique key ID in a key ID database.
  • the server receives a communication request from the client system and sends a communication response to the client system.
  • the server fetches a unique key ID and the encrypted decryption key that are stored in the cluster of encrypted data as metadata.
  • fetching the unique key ID may be achieved by initiating a boot manager, such that after receiving a request for boot code from the client system, the server initiates a boot manager that provides boot code to the client.
  • the boot manager can be installed prior to receiving the aforementioned communication request from the client system.
  • the server receives a unique key ID and an encrypted decryption key stored in metadata of the cluster of encrypted data that the client system requests to access.
  • fetching the unique key ID and encrypted decryption key may be achieved via accessing boot code embedded in the firmware of client system.
  • the server After receiving the unique key ID, the server then searches the key ID database for a match unique key ID. In response to finding a match, the server retrieves the private key that is associated with the unique key ID and decrypts the encrypted decryption key using the private key, and sends the decrypted decryption key to the client system.
  • the client system after a cluster of data is generated and encrypted, the client system creates a unique key ID of the cluster of encrypted data.
  • the unique key ID may comprise a certificate thumbprint.
  • the client system sends the decryption key and the unique key ID to a server to be encrypted, using a symmetric key that is stored at the server.
  • the client system receives the encrypted decryption key from the server and stores the encrypted decryption key along with the unique key ID in the cluster of data maintained at the client as metadata.
  • the client system sends a communication request to the server and receives a response from the server granting the request. Then, the client system sends the unique key ID and the encrypted decryption key to the server.
  • sending the unique key ID and the encrypted decryption key may be achieved by initiating a boot manager from the server, such that the client system sends a request for boot code. After receiving the boot code from the server (which could be received prior to the server receiving the unique key ID and/or without the client sending a request for the boot code), the client sends the unique key ID and the encrypted decryption key to the server. In another embodiment, sending the unique key ID and encrypted decryption key may be achieved by running the boot code embedded in the firmware of the client system. After sending the unique key ID and the encrypted decryption key to the server, the client receives the decrypted decryption key from the server, which was decrypted by the server with the symmetric key. Finally, the client decrypts the cluster of data using the decrypted decryption key received from the server.
  • the server receives a unique key ID and a decryption key from the client system. It encrypts the decryption key using the stored symmetric key and sends the encrypted decryption key to the client system for storage.
  • the server stores the symmetric key and the unique key ID in a key ID database.
  • the server receives a communication request from the client system and sends a communication response to the client system.
  • the server then fetches the unique key ID and the encrypted decryption key from the metadata of the cluster of encrypted data. In one embodiment, fetching the unique key ID and the encrypted decryption key may be achieved by initiating a boot manager, sending boot code to the client system.
  • the server receives the unique key ID and the encrypted decryption key stored in the metadata of the cluster of encrypted data that the client system is requesting access to.
  • fetching the unique key ID and the encrypted decryption key may be achieved by initiating boot code embedded in the firmware of the client system.
  • the server After receiving the unique key ID and the encrypted decryption key, the server searches the key ID database for a match. In response to finding a match, the server retrieves the symmetric key associated with the unique key ID, decrypts the encrypted decryption key using the symmetric key, and sends the decrypted decryption key to the client system.
  • Disclosed embodiments are directed towards systems and methods for improving security of stored data, by helping to keep encrypted client data tamper resistant, by encrypting data and by also maintaining the keys for decrypting/accessing the encrypted data separately from the encrypted data.
  • a user encrypts a data set (sometimes referred to, herein, as a cluster of data) using an encryption key and associates the encrypted data with a unique key identifier.
  • the client sends the unique key identifier and a corresponding decryption key to a server for storage.
  • the client does not separately keep a copy of the decryption key at the client.
  • the client system obtains the decryption key from the server by following certain protocols. For instance, the client sends a communication request to the server and receives a communication response from the server.
  • the client system then sends a request for boot code and receives the boot code from the server.
  • the client also provides the unique key identifier to the server, which sometimes occurs during execution of the boot code.
  • the client system receives the decryption key from the server and decrypts the cluster of encrypted data using the decryption key.
  • the client after the client system encrypts the data, the client creates a unique key ID of the encrypted data.
  • the unique key ID may comprise a certificate thumbprint.
  • the decryption key is further encrypted using a public key.
  • a corresponding private key configured to decrypt the encrypted decryption key is sent to the server, without being maintained/stored at the client.
  • the client system stores the encrypted decryption key and the unique key ID as metadata.
  • the private key and unique key ID are sent to and stored by the server or a system that is accessible to the server.
  • the client system sends a communication request to the server and receives a response from the server granting the request.
  • the client then sends a request for boot code.
  • the client After receiving boot code from the server, the client sends the unique key ID and the encrypted decryption key to the server. This triggers the server sending the decrypted decryption key to the client, such that the client is enabled to decrypt the cluster of encrypted data using the decrypted decryption key.
  • the client stores a decryption key with the encrypted data, but not in a format that can be used by the client.
  • the decryption key is encrypted until it is needed and it is only decrypted in response to the client following certain security protocols with a server that decrypts the decryption key.
  • the client system creates a unique key ID of encrypted data and sends the corresponding decryption key for decrypting the data to a server to be encrypted.
  • the unique key ID may also be a certificate thumbprint.
  • the server encrypts the decryption key using a symmetric key that is stored at the server.
  • the client system receives the encrypted decryption key from the server and stores the encrypted decryption key along with the unique key ID in the cluster of data maintained at the client as metadata.
  • the client system sends a communication request to the server and receives a response from the server granting the request. Then, the client system sends a request for boot code. During execution of the boot code, the client sends the unique key ID and the encrypted decryption key to the server.
  • the client receives the decrypted decryption key from the server, which is decrypted by the server with the symmetric key, and decrypts the encrypted data with the newly received/decrypted decryption key.
  • the disclosed embodiments for helping to keep encrypted client data tamper resistant may be implemented by a computing system, as described in the following disclosure, which includes one or more client and/or server systems.
  • Figure 1 illustrates one example of a client-server environment 100 that can be used to implement certain aspects of the invention.
  • client data sets (104, 108, 112, 114, 116, 118, 120, and 122) are encrypted and maintained by various client systems 102, 106, 110.
  • Corresponding decryption keys for decrypting the data sets are maintained in a key database 126 that is stored on and/or accessible to a remote server 124.
  • Client systems 102, 106 and 110 and server 124 communicate over one or more network connections 128, using wired and/or wireless components and protocols.
  • the server 124 communicates with the client system(s) 102, 106 and 110 using the trivial file transfer protocol (TFTP) and/or Network Key Protector Unlock Protocol (NKPU).
  • TFTP trivial file transfer protocol
  • NKPU Network Key Protector Unlock Protocol
  • the client data may be stored locally in any combination of one or more storage locations that are coupled to or accessible to the client system(s).
  • client system 102 includes storage 104
  • the client system 106 includes storage 108
  • the client system 110 includes multiple storage containers/locations 112, 114 and 116.
  • the client data may also be stored in a remote network and/or distributed storage.
  • some of the data for client system 100 is stored in network storages 118, 120 and 122.
  • the ellipsis 110 represents that there may be one or more client systems in the client-server environment 100.
  • Each of the clusters of data may be accessible by one or more clients.
  • the ellipsis 116 represents that each client system may include one or more data storages.
  • the ellipsis 122 represents that each client system may have access to one or more network storages for storing the client data.
  • the client data may be referred to herein as either ⁇ data,' one or more ⁇ data cluster(s)' and/or one or more ⁇ data set(s)'.
  • a malicious insider e.g., a janitor
  • decommissioned storage devices at the end of their life cycle
  • These storage devices may be recycled, resold, or obtained by a malicious person.
  • Embodiments of the present invention can be used to help improve the security and protection of client data by encrypting the data (e.g., 104, 108, 112, 114, 116, 118, 120, or 122) and storing keys for accessing the data separately from the client.
  • the encrypted data is also associated with a unique ID.
  • This unique ID may comprise data defining a date of creating, modifying or accessing the data.
  • the unique ID can also be a randomly generated identifier.
  • the client and server associate the unique ID with the cluster of data that is encrypted.
  • the unique ID and the decryption key associated with the cluster of data are stored in a key ID database 126 that the server 124 has access to.
  • the decryption key is not stored by the client (at least not in a format that can be used by the client).
  • a malicious person obtains access to the client storage device containing the encrypted data, they would not be able to obtain/use the decryption keys, because they are either maintained on the server and/or are stored in a format (encrypted format) that cannot be used without first accessing another key from the server. Thus, they would not be able to access the encrypted data.
  • One set of encryption/decryption key(s) may be used to encrypt a particular cluster of data.
  • Each cluster of data may be classified in many different ways, including, but not limited to, classifying data based on a client's ID, a client's system's ID, a client's geographic location, a data storage's geographic location, a type of data, the sensitivity of the data.
  • Encryption is the process of converting ordinary information (plaintext) into unintelligible text (ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext.
  • a cipher is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". The key is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext.
  • Ciphers may be used directly for encryption or decryption without additional procedures such as authentication or integrity checks. They also may be used to include sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.
  • symmetric and asymmetric There are two general kinds of cryptosystems: symmetric and asymmetric.
  • symmetric systems the same key is used to encrypt and decrypt a message.
  • Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths.
  • Asymmetric systems use a public key to encrypt a message and a private key to decrypt it.
  • Use of asymmetric systems enhances the security of communication.
  • Examples of asymmetric systems include, but are not limited to, RSA (Rivest-Shamir-Adleman), and EEC (Elliptic Curve Cryptography).
  • Symmetric models include, but are not limited to, the commonly used AES (Advanced Encryption Standard).
  • Symmetric key ciphers are implemented as either block ciphers or stream ciphers.
  • a block cipher enciphers input in blocks of plaintext as opposed to individual characters.
  • Stream ciphers in contrast, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad.
  • symmetric algorithms a same key is used for both encryption and decryption.
  • encryption keys are randomly generated.
  • different keys are used for encryption and decryption, such that a public key is used to encrypt the data, and a private key is used to decrypt the data.
  • the asymmetric cryptosystem is also called public key system.
  • a public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.
  • the public key may be freely distributed, while its paired private key must remain secret.
  • the public key is used for encryption, while the private or secret key is used for decryption.
  • Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed length hash, which can be used (for example) as a digital signature or unique identifier. For good hash functions, an attacker cannot find two messages that produce the same hash.
  • public-key cryptosystems may be hybrid cryptosystems, in which a symmetric-key encryption algorithm or an asymmetric-key encryption algorithm is used for the data itself, while the relevant symmetric key or private key is further encrypted using a public-key algorithm or a symmetric-key algorithm.
  • hybrid signature schemes may be used, in which a cryptographic hash function is computed as a unique identifier associated with a decryption key that is used to decrypt the data, or used to decrypt the encrypted decryption key.
  • the client-server system may also include another layer further authenticating a user's identity via the client system, or via the server.
  • FIG. 2 illustrates an example of a client-server system environment 200 on which the invention may be implemented.
  • the computing system environment 200 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should the computing environment 200 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary operating environment 200.
  • the invention is operational with numerous other general purpose or special purpose computing system environments or configurations.
  • Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to: personal computers, server computers, handheld or laptop devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, computer controlled robots and manufacturing machines, distributed computing environments that include any of the above systems or devices, and the like.
  • the invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer.
  • program modules include routines, programs, objects, components, data structures, and so forth, which perform particular tasks or implement particular abstract data types.
  • the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in local and/or remote computer storage media including memory storage devices.
  • an exemplary system for implementing the invention includes a client system 202, which may be a general purpose computing device in the form of a personal computer 202 (similar to a client system from Figure 1 ) and which may be configured to communicate with a server 216 (similar to the server of Figure 1 ) over a network connection 214 (similar to the network connections of Figure 1 ).
  • client system 202 may be a general purpose computing device in the form of a personal computer 202 (similar to a client system from Figure 1 ) and which may be configured to communicate with a server 216 (similar to the server of Figure 1 ) over a network connection 214 (similar to the network connections of Figure 1 ).
  • Components of the computer 202 may include, but are not limited to, one or more processors 204, a system memory 210, an input/output (I/O) interface 206, and a communication module 208.
  • the I/O interface 206 may include but is not limited to a keyboard, a computer mouse, a touch screen, a monitor and printers.
  • the communication module 208 may include but is not limited to modems, network cards, communication interfaces and so forth.
  • the system memory 210 stores the client data (often encrypted) and also includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and random access memory (RAM).
  • ROM read only memory
  • RAM random access memory
  • BIOS basic input/output system
  • RAM typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by the processors or processing unit 204.
  • the storage device 210 also includes computer-readable instructions for implemented the disclosed methods, corresponding data structures and other data for the client system 202.
  • a user may enter commands and information into the client system 202 through I/O interfaces 206, which may include input devices such as a touch screen, a microphone, a keyboard, a mouse, trackball and/or touch pad. Other input devices may include a joystick, game pad, satellite dish, scanner, motion sensors and the like. These and other input devices are often connected to the processing unit (including one or more processor 204) through a universal serial bus (USB).
  • I/O interfaces 206 may include input devices such as a touch screen, a microphone, a keyboard, a mouse, trackball and/or touch pad.
  • Other input devices may include a joystick, game pad, satellite dish, scanner, motion sensors and the like.
  • USB universal serial bus
  • the I/O interfaces 206 may also include output interfaces, such as a monitor or other type of display device, speakers, haptic feedback devices, and so forth.
  • the data 212 is encrypted using a predetermined cipher or key, and the encrypted data is then stored in storage 210.
  • the decryption keys are sent to the server 216 to be stored in a key database 218 that the server has access to.
  • the client does not store the decryption keys.
  • the client system 202 may further encrypt the decryption key (which is stored in an encrypted format at the client), then the decryption keys used to encrypt the decryption keys are sent to the server 216 to be stored in the key database 220, such that the decryption key at the client is inaccessible without first obtaining the decryption key from the server for decrypting the encrypted decryption key at the client.
  • the storage 210 may be a local storage that is included in the client system 202.
  • the storage may also be a remote and/or distributed network storage that the client system 202 is able to access, as described above with respect to Figure 1 .
  • the key database 220 may be stored in an internal storage 218 of the server 216.
  • the key database 220 may also be stored in an external storage device accessible to the server, 216 or a network storage that the server has access through network connections (not shown in the Figure).
  • the key database 220 may also be backed up in a redundant storage 222.
  • the redundant storage 222 may be a local storage that is only accessible to the server. Alternatively, it may be a network storage that is accessible to one or more servers.
  • FIG. 3 illustrates one embodiment of a client-server environment 300, in which each cluster of encrypted data 312 is associated with a separate key identifier (ID) 314.
  • ID key identifier
  • the server 328 is a Preboot Execution Environment (PXE) server.
  • PXE Preboot Execution Environment
  • PXE servers are a common choice for operating system booting, installation and deployment.
  • the PXE is a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled client systems.
  • NIC network interface controller
  • TFTP Trivial File Transfer Protocol
  • TFTP is a lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host.
  • One of its primary uses is in the early stages of nodes booting from a local area network.
  • TFTP a transfer is initiated by the client issuing a request to read or write a particular file on the server.
  • the request can optionally include a set of negotiated transfer parameters proposed by the client system. If the server grants the request, the file is sent by default or the number specified in the blocksize negotiated option.
  • Both devices (client and server) involved in a transfer may be considered senders and receivers. For instance, one system sends data and receives acknowledgments, the other system also sends acknowledgements and receives data.
  • the initiating client system may send a service request to a server.
  • the server replies with an acknowledgement.
  • the client system sends data packets to the server, and the destination server replies with acknowledge packets for data packets.
  • TFTP normally may not include login or access control mechanisms, some disclosed embodiments include layering authentication, access control, confidentiality, and/or integrity checking above or below the layer at which TFTP runs.
  • the PXE boot of a client system boot is initiated when a client sends a general request to a PXE server, i.e. a PXE discover request (316).
  • the PXE server responds to the PXE discover with an acknowledgement (318).
  • the client system sends a request for boot code via TFTP (320).
  • the server initiates a boot manager including boot code (322), which may include the client system downloading the boot code using TFTP from the server to the client system's RAM.
  • the boot manager is executed at the client to fetch the unique key ID (324).
  • the server receives and matches the unique key ID to a corresponding decryption key 334 at the server, the server provides the decryption key to the client (326).
  • Figures 4 and 5 illustrate corresponding methods for helping to keep encrypted client data tamper resistant, as presented from the client perspective ( Figure 4 ) and the server perspective ( Figure 5 ), and such as may be implemented by client 302 in the client-server environment 300 of Figure 3 .
  • the client system 302 When a user of a client system 302 creates a cluster of data to be protected, the client system associates the cluster of data with a unique key ID (act 402), and stores the unique key ID in the cluster of data as metadata (act 404). The client system then encrypts the cluster of data using a predetermined cipher (act 406).
  • the cryptosystem used for encrypting the data may be a symmetric system or an asymmetric system.
  • the encryption key is the same as the decryption key, i.e. a symmetric key.
  • an asymmetric system there will be a pair of different keys used to encrypt or decrypt the data.
  • the key used to encrypt the data is usually distributed freely and called public key.
  • the key used to decrypt the data is kept secret and called private key.
  • the client system After encryption, the client system sends the unique key ID and the decryption key to the server for storage (act 408).
  • the server 328 receives the key ID and the decryption key from the client system 302 (act 502) and stores it in a key ID database (act 504).
  • the server 328 may also backup the key ID database in a redundant storage (act 506).
  • a client system 302 When a client system 302 needs to access the encrypted data, it initiates a system boot process (act 410), and sends a communication request to the server (act 412).
  • the serve 328 receives the communication request from the client system 302 (act 508), and sends a communication response to the client system 302 as an acknowledgement (act 510).
  • the client system 302 receives the communication response from the server 328 (act 414) and sends a request for boot code (act 416).
  • the server 328 receives the request for boot code from the client system 302 (act 512) and initiates a boot manager (act 514).
  • the boot code is received by and/or executed at the client system (act 418). When executed, the boot code reads the unique key ID associated with the encrypted data at the client system and sends the unique key ID to the server 328 (act 420).
  • the server 302 When the server 302 receives the unique key ID (act 516), it searches the key ID database for a match (act 518). Upon finding a matching unique key ID (act 522), the server retrieves the decryption key associated with the matching unique key ID (act 524) and sends the decryption key to the client system 302 (act 526). Responsively, the client system 302 receives the decryption key from the server 328 (act 422), and decrypts the cluster of data using the decryption key (act 424).
  • the server 328 reaches out to a remote/redundant storage searching for a match (act 530). Then, if a match is found at the remote/redundant storage (act 534), the server obtains/restores the matching key ID and stores the decryption key in the key ID database (act 536).
  • This can be beneficial when a key is inadvertently lost/inaccessible by the server. For instance, in some embodiments, there may be times when a key ID and/or its associated key(s) are erroneously deleted or corrupted and/or the server storage component that is storing the key ID crashes. In such circumstances, the servers may access the backup key ID database and retrieve the missing key ID and its key(s) and restore them back to the key ID database.
  • some embodiments utilize a remote key ID database, separately from the server(s).
  • Each of the servers may communicate with a client system separately. Or each of the servers may have access to an identical key ID database that is coupled to the server for faster communication. In such a case, when one server updates its key id database, the rest of the servers also updates the key id database accordingly.
  • Each server's database may also be deemed as a redundant key ID storage for the other servers.
  • the server 328 may detect asset management anomalies (act 540). In response certain anomalies, the server may delete a key ID and/or its associated decryption key (act 542). For example, an anomaly may be detected/determined in response to the boot manager failing to successfully read the key associated with the unique key ID due to, for example, a storage device that is marked missing or de-commissioned. In another example, there may be a threshold number of failed attempts to access a cluster of encrypted data, such that no matching key ID can be found from the key ID database and/or the backup storage. This would also trigger the determination/detection of an anomaly.
  • the client's data is encrypted, no matter whether the data are stored locally or on a cloud storage, and the decryption key is stored separately (i.e., not stored locally with the cluster of data or in the client's system). Accordingly, even if a malicious person accesses a storage device or a computer containing the encrypted data, the data is inaccessible, because the decryption key is stored on a remote server and not ascertainable by the malicious person.
  • some disclosed embodiments include further encrypting the decryption key by a random local key, sending the encrypted decryption key to the server, and storing the random local key in the cluster of encrypted data as metadata.
  • the server will send out the encrypted decryption key, and after receiving the encrypted decryption key, the client system decrypts the encrypted decryption key using the random local key, then decrypt the cluster of data using the decrypted decryption key.
  • a hacker may attempt to obtain an encrypted decryption key via hacking the network, which alone would not allow him to access the key or the encrypted data.
  • Figures 6-8 illustrate additional/altemative systems and methods for helping to keep encrypted client data tamper resistant, as presented from the client perspective ( Figure 7 ) and the server perspective ( Figure 8 ), and such as may be implemented by a client 602 in a client-server environment 600 of Figure 6 .
  • a client system 602 is similar to the client system 302 of Figure 3 , including at least a processor 604, a communication module 608, an I/O interface 606 and storage device 610 that stores a certificate/thumbprint 612, an encrypted decryption key 614 and encrypted data 616 that the encrypted decryption key (614, once decrypted) is configured to decrypt.
  • the server 630 stores or has access to a key ID database 636 that stores the decryption key for decrypting the encrypted decryption key.
  • server 630 may also be a PXE server.
  • the client sends an initial discover request (618) that triggers a server response (620). Then, the client sends a request for boot code (622) that triggers the initiation of the boot manager (624). The client then sends a thumbprint and the encrypted decryption key to the server (626). After the server decrypts the encrypted decryption key (with a key at or accessible to the server) the server sends back the matching decryption key (628).
  • the unique key identifier of the encrypted data may be a certificate thumbprint 612.
  • a certificate thumbprint 612 is a string that uniquely identifies a cluster of data.
  • a thumbprint may be a hash that is calculated from the content of the cluster of data using a thumbprint algorithm. The hash may be based off of any combination of the encrypted data, the encryption key, the unique ID, a client identifier and/or any other information stored at or associated with the client system.
  • Each cluster of encrypted data is separately identified via a unique certificate thumbprint. In some instances, all data at the client is combined into a single cluster. In other embodiments, the client stores separate clusters of data that are each associated with a different unique ID and/or thumbprint.
  • the client system 602 encrypts the data using a pre-determined cryptography (act 702) and creates a certificate thumbprint of the cluster of the encrypted data (act 704).
  • the client also encrypts the decryption key via an asymmetric cryptosystem (act 706).
  • an asymmetric cryptosystem there is a pair of different keys generated. A public key is used to encrypt the data, and a private key is used to decrypt the data.
  • the decryption key is further encrypted by a public key, and the private key interrelated to the public key is used to decrypt the encrypted decryption key.
  • the client system 602 then stores the encrypted decryption key and the certificate thumbprint in the cluster of encrypted data as metadata (act 708).
  • the client then sends the certificate thumbprint and the private key that paired with the public key to a server 630 (act 710).
  • the server 630 receives the certificate thumbprint and the private key (act 802), and stores them in a key ID database (act 804).
  • a key ID database (act 804).
  • the server does not store the decryption key that is used to decrypt the cluster of data, but a private key (stored in the Key ID database, or that is otherwise accessible to the server) that is used to decrypt the encrypted decryption key (which is stored at the client).
  • the server creates/stores a backup of the private key (which is stored in the server key ID database) in a redundant/remote storage (act 806).
  • the boot manager since the boot manager repeatedly sends and receives the private keys and encrypted/decrypted decryption keys, it may use a different protocol than was previously used in Figures 3-6 .
  • NKPU Network Key Protector Unlock Protocol
  • NKPU enables a client system to send key material along with a session key as an encrypted package to a server and to receive the decrypted key material protected by the session key.
  • a session key is a short-lived symmetric key used to encrypt or authenticate data sent in the NKPU protocol.
  • NKPU protocol would further protect these keys with a session key. Therefore, even a successful hacker could only obtain an encrypted private key or encrypted decryption keys that are encrypted by a session key, which is insufficient to provide access to data.
  • the client system 602 When a client system 602 needs to access a cluster of data, the client system 602 initiates a boot process (act 712), and sends a communication request to the server (act 712).
  • the server 630 receives the communication request from the client system 602 (act 808) and sends a communication response to the client system 602 (act 810).
  • the client system 602 receives the communication response from the server (act 716) and sends a request for boot code (act 718).
  • the server 630 receives the request for boot code from the client system (act 812) and initiates a boot manager loading boot code (act 814).
  • the client system 602 receives the boot code from the server 630 (act 720) and sends a certificate and the encrypted key to the server 630 (act 722).
  • the server 630 receives the certificate thumbprint and the encrypted key of the cluster of data that the client system 602 requested to access (act 816) and searches the key ID database for a matching certificate thumbprint (act 818).
  • the server 630 finds a matching certificate thumbprint (act 822), it retrieves the private key that is associated with the certificate thumbprint (act 824), and decrypts the encrypted key (act 826), and send the decrypted key back to the client system (act 828).
  • the client system receives the decrypted key from the server (act 724) and decrypts the cluster of data using the decrypted key (act 726).
  • the server 630 If no match is found between the certificate thumbprint and a key in the Key ID database (act 830), the server 630 reaches out to a remote/redundant storage searching for a match (act 832). Then, if a match is found in the remote/redundant storage (act 836), the server 630 obtains/stores/restores the matching certificate thumbprint and the private key to the key ID database (act 838).
  • the server may detect asset management anomalies (act 840), as previously described in reference to Figure 5 . Accordingly, in response to detecting anomalies, the server may delete a certificate thumbprint and the key associated with it (act 842).
  • the decryption key is further encrypted, it can help solve both the malicious insider and snooping hacker problems.
  • the client system does not have to be in the network communicating with the server when the data is created and encrypted, because in an asymmetric cryptography system, the public key may have been distributed to the client system before the encryption of the cluster of the data, and the client system only needs the public key to encrypt the data.
  • Figures 9-11 illustrate other embodiments for providing tamper protection to client data.
  • a client system 902 communicates with a server 930 in a client-server environment 900.
  • the unique key ID of each cluster of encrypted data may comprise a certificate thumbprint.
  • the decryption key is further encrypted via a symmetric cryptosystem.
  • Figure 10 illustrates a flowchart 1000 that describes a method implemented from the client system perspective.
  • Figure 11 illustrates a flowchart 1100 that describes the method implemented from the server system perspective.
  • the client system 902 is similar to the client system 302 of Figure 3 , including at least a processor 904, a communication module 908, I/O interface(s) 906 and a storage device 910 that stores a certificate/thumbprint 912, an encrypted decryption key 914 and encrypted data 916 that the encrypted decryption key (914, once decrypted) is configured to decrypt.
  • the server 930 stores or has access to a key ID database 936 that stores the decryption key for decrypting the encrypted decryption key.
  • server 930 may be a PXE server.
  • the client sends an initial discover request (918) that triggers a server response (920). Then, the client sends a request for boot code (922) that triggers the initiation of the boot manager (924). The client then sends a thumbprint and the encrypted decryption key to the server (926). After the server decrypts the encrypted decryption key (with a key at or accessible to the server) the server sends back the matching decryption key (928).
  • This embodiment is similar to the previous embodiment (described in Figures 6- 8 ). However, rather than using asymmetric keys, this embodiment uses symmetric keys.
  • a symmetric key used to encrypt the decryption key is normally generated randomly by the server. And the server encrypts the decryption key and sends the encrypted decryption key back to the client system.
  • the benefit of using a symmetric cryptosystem is that it requires less computation, therefore, the encryption and decryption would take less time and computing power.
  • a symmetric key is randomly generated by a server, and the server encrypts the decryption key initially (rather than the client). Accordingly, the client system and the server system must be in communication when the encryption takes place, i.e. the client system must be connected to the network for communicating with the server when the data is encrypted.
  • the client system 902 encrypts the cluster of data (act 1002) and generates a certificate thumbprint of the cluster of encrypted data (act 1004).
  • the client system 902 sends the certificate thumbprint) and the decryption key to the server 930 (act 1006).
  • the server 930 receives the certificate thumbprint and decryption key of the cluster of encrypted data from the client system 902 (act 1102) and encrypts the decryption key with a randomly generated symmetric key (act 1104).
  • the server sends the encrypted decryption key back to the client system 902 (act 1006), which is received by the client system 902 (act 1008) and stored with the certificate thumbprint and the cluster of encrypted data, as metadata (act 1010). Meanwhile, the server 930 stores the certificate thumbprint and the symmetric key in the key ID database (act 1108).
  • the server 930 may also backup the key ID data in a remote/redundant storage (act 1110).
  • a client system 902 When a client system 902 needs to access a cluster of encrypted data, it initiates a boot process (act 1012), and sends a communication request to the server (act 1014).
  • the server 930 receives the communication request (act 1112) and sends a communication response to the client system (act 1114).
  • the client system 902 receives the communication response from the server 930 (act 1016) and sends a request for boot code (act 1018).
  • the server 930 receives a request for boot code (act 1116) and initiates a boot manager loading the boot code (act 1118).
  • the client system 902 receives boot code from the server 930 as the boot manager executes (act 1020) and sends the certificate thumbprint and the encrypted decryption key to the server 930 through the boot manager (act 1022).
  • the server 930 receives the certificate thumbprint and the encrypted decryption key from the client system 902 (act 1020) and searches the key ID database for a matching certificate thumbprint (act 1122).
  • the server 930 retrieves the symmetric key associated with the certificate thumbprint (act 1128) and uses the symmetric key to decrypt the encrypted key (act 1130). Then, the server 930 sends the decrypted key back to the client system 902 (act 1132). When the client receives the decrypted key from the server 930 (act 1024), it decrypts the cluster of encrypted data using the decrypted key (act 1026).
  • the server 930 If no match is found in the key ID database for a matching certificate thumbprint (act 1134), the server 930 reaches out to a remote/redundant storage, searching for a match (act 1136). Then, if a match is found in the remote/redundant storage (act 1140), the server 902 stores/restores the matching certificate thumbprint and the key used to encrypt the symmetric key back to the key ID database (act 1142).
  • the server may detect asset management anomalies (act 1146). In response to certain anomalies, the server may delete a key ID and/or its associated encryption and/or decryption key (act 1148).
  • this embodiment since the decryption key is also further encrypted, it also solves both the malicious insider and network hacker problems.
  • one benefit of this embodiment over the previous embodiment is that this embodiment may operate faster than the previous embodiment if the hardware's computation powers are the same, because a symmetric crypto algorithm generally requires less computing than an asymmetric crypto algorithm. For example, when a data center with a significant number of servers needs to reboot after a power outage, the data encrypted using a symmetric cryptosystem may be ready to be accessed faster than the data encrypted using an asymmetric cryptosystem, and less server processing time is required to support this.
  • the server may assign a different cluster of data a different key based on a predetermined classification, including but not limited to geographic locations of the data, the user IDs, and the type of the data.
  • the cryptosystem used to encrypt the clusters of data may be a symmetric cryptosystem or an asymmetric cryptosystem.
  • a symmetric cryptosystem may be preferred.
  • an asymmetric cryptosystem may be preferred.
  • Additional authentications may be implemented as an additional layer before or after each of the disclosed embodiments to achieve an even higher level of security. Additional authentications may include but are not limited to requiring the server to trigger an approval request via Short Message Service (SMS), email, etc. based on configurable policy or metadata that is tied to the key ID.
  • SMS Short Message Service
  • the unique key IDs may be randomly generated, and/or may include certificate thumbprint.
  • the unique key IDs may also be generated using any digital certification or signature function that is capable of generating a unique certification or signature.
  • sending and fetching the unique key ID and/or encrypted decryption key between a client system and a server may be achieved via different implementations, including but not limited to a boot manager initiated at the server, and/or boot code embedded in the BIOS or other firmware of the client system.
  • any feature herein may be combined with any other feature of a same or different embodiment disclosed herein.
  • various well-known aspects of illustrative systems, methods, apparatus, and the like are not described herein in particular detail in order to avoid obscuring aspects of the example embodiments. Such aspects are, however, also contemplated herein.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Description

    BACKGROUND
  • In contemporary computer systems and networking, computer users access data that is stored and managed in a variety of storage configurations, including traditional on-premise environments and in data server center environments. Such data may be subject to theft or tampering. For instance, it is possible for disks to be mishandled during decommissioning and it is also possible for malware and spyware to be installed on the storage devices or host system.
  • Physical access to an organization's secure areas, equipment, or materials containing sensitive data make it possible for a malicious insider to steal or damage the stored data. For example, a janitor or other building contractor may steal physical disks, other storage devices or even an entire computer system. Further, beyond physical theft and/or mishandling of the storage hardware, an operating system may be implanted with malicious software by unauthorized personnel that have physical access to the storage media. Malicious software could infiltrate or destroy data, or maintain persistent unauthorized access, amongst other problems.
  • Additionally, in computer networking, a hacker may manipulate the normal behavior of network connections and connected systems. Hackers may use scripts or other software to attack computer networks, manipulating data passing through a network connection in ways designed to obtain more information about the target system or obtain access to the data. According to some estimates, there are over one million new unique malware samples discovered each year. Unlike worms and mass-mailers of the past, many new viruses are extremely targeted to particular industries, companies and even users, making them more difficult to detect and prevent.
  • Most computer systems are eventually cycled out of service. However, sensitive data often remains on the storage devices of these systems. Sometimes, that computer or storage device is recycled, resold, left to collect dust in a closet, or can fall into a malicious person's hand. There are several popular methods that companies use to remove data from decommissioned storage devices. However, deleting data with the operating system may only remove pointers to the data, not the data itself, so the data can actually still be recovered. Other processes for removing the data can be bulky, time consuming to use, expensive and dangerous, and in the end, the data may still be readable.
  • Patent document US 9 483 655 B2 and "Network Key Protector Unlock Protocol Intellectual Property Rights Notice for Open Specifications Documentation" by Microsoft Corporation form part of the background art.
  • Accordingly, there is an ongoing need to provide methods for adding security to data that is maintained on storage devices, particularly for storage devices that are susceptible to theft and/or tampering.
  • SUMMARY
  • This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
  • Disclosed embodiments are directed towards systems and methods for improving security of stored data by encrypting data and by maintaining the decryption keys separately from the encrypted data.
  • In some embodiments, a user generates a cluster of data using a client system, the cluster of data is encrypted using an encryption key and is also associated with a unique key identifier. In one embodiment, the client system sends the unique key identifier and a corresponding decryption key to a server for storage. When a user needs to access the cluster of encrypted data, the client system sends a communication request to the server that has access to a key ID database that stores the decryption key and receives a communication response from the server. The client system then sends the unique key ID to the server. In one embodiment, sending the unique key ID may be achieved using a boot manager, such that the client sends a request for boot code and receives the boot code from the server. In another embodiment, sending the unique key ID may be achieved by embedding the boot code in the client system's firmware. After sending the unique key identifier to the server, the client system receives the decryption key from the server and decrypts the cluster of encrypted data using the decryption key.
  • On the server side, the server receives the unique key identifier and the decryption key. The server stores the unique key identifier and the decryption key in the key ID database. When a user needs to access the cluster of encrypted data, the server receives a communication request from a client system and sends a communication response to the client system. Then, the server fetches the unique key ID stored in the cluster of encrypted data that the client system is requesting to access. In one embodiment, fetching the unique key ID may be achieved via boot manager, such that the server receives a request for boot code from the client system and initiates a boot manager loading the boot code. Through the boot code, the server obtains the unique key identifier stored in the cluster of encrypted data that the client system is requesting to access. In another embodiment, fetching the unique key ID may be achieved via accessing boot code embedded in the firmware of client system. After receiving the unique key ID, the server then searches the key ID database for a match. In response to finding a match, the server retrieves the decryption key associated with the key identifier and sends the decryption key to the client system.
  • In another embodiment, after the client system encrypts a cluster of data and creates a unique key ID of the clustered encrypted data. The unique key ID may comprise a certificate thumbprint. The decryption key is further encrypted using a public key. A private key is interrelated to the pubic key and is configured to decrypt the encrypted decryption key. The client system stores the encrypted decryption key and the unique key ID in the cluster of encrypted data as metadata, then sends the private key and the unique key ID to a server for storage. When a user needs to access the encrypted data again, the client system sends a communication request to the server and receives a response from the server granting the request. The client system then sends the unique key ID and the encrypted decryption key to the server. In one embodiment, the action of sending the unique key ID and the encrypted decryption key to the server is achieved by using a boot manager initiating boot code, such that after receiving boot code from the server, the client sends the unique key ID and the encrypted decryption key to the server. It will be noted, however, that the boot code can be obtained prior to or subsequent to initiating the process for accessing the key. In one embodiment, sending the unique key ID may be achieved by embedding the boot code in the client system's firmware. The client system then receives a decrypted decryption key from the server and decrypts the cluster of encrypted data using the decrypted decryption key.
  • On the server side, the server receives a unique key ID and a private key that is configured for decrypting the encrypted decryption key from the client system. The server stores the private key and the unique key ID in a key ID database. When a user needs to access a cluster of encrypted data, the server receives a communication request from the client system and sends a communication response to the client system. Then, the server fetches a unique key ID and the encrypted decryption key that are stored in the cluster of encrypted data as metadata. In one embodiment, fetching the unique key ID may be achieved by initiating a boot manager, such that after receiving a request for boot code from the client system, the server initiates a boot manager that provides boot code to the client. Alternatively, the boot manager can be installed prior to receiving the aforementioned communication request from the client system.
  • Through the boot manager, and execution of the boot code at the client, the server receives a unique key ID and an encrypted decryption key stored in metadata of the cluster of encrypted data that the client system requests to access. In another embodiment, fetching the unique key ID and encrypted decryption key may be achieved via accessing boot code embedded in the firmware of client system. After receiving the unique key ID, the server then searches the key ID database for a match unique key ID. In response to finding a match, the server retrieves the private key that is associated with the unique key ID and decrypts the encrypted decryption key using the private key, and sends the decrypted decryption key to the client system.
  • In another embodiment, after a cluster of data is generated and encrypted, the client system creates a unique key ID of the cluster of encrypted data. The unique key ID may comprise a certificate thumbprint. The client system sends the decryption key and the unique key ID to a server to be encrypted, using a symmetric key that is stored at the server. The client system receives the encrypted decryption key from the server and stores the encrypted decryption key along with the unique key ID in the cluster of data maintained at the client as metadata. When a user needs to access the cluster of data, the client system sends a communication request to the server and receives a response from the server granting the request. Then, the client system sends the unique key ID and the encrypted decryption key to the server. In one embodiment, sending the unique key ID and the encrypted decryption key may be achieved by initiating a boot manager from the server, such that the client system sends a request for boot code. After receiving the boot code from the server (which could be received prior to the server receiving the unique key ID and/or without the client sending a request for the boot code), the client sends the unique key ID and the encrypted decryption key to the server. In another embodiment, sending the unique key ID and encrypted decryption key may be achieved by running the boot code embedded in the firmware of the client system. After sending the unique key ID and the encrypted decryption key to the server, the client receives the decrypted decryption key from the server, which was decrypted by the server with the symmetric key. Finally, the client decrypts the cluster of data using the decrypted decryption key received from the server.
  • On the server side, the server receives a unique key ID and a decryption key from the client system. It encrypts the decryption key using the stored symmetric key and sends the encrypted decryption key to the client system for storage. The server stores the symmetric key and the unique key ID in a key ID database. When a user needs to access the encrypted data, the server receives a communication request from the client system and sends a communication response to the client system. The server then fetches the unique key ID and the encrypted decryption key from the metadata of the cluster of encrypted data. In one embodiment, fetching the unique key ID and the encrypted decryption key may be achieved by initiating a boot manager, sending boot code to the client system. Through the boot manager and executing boot code, the server receives the unique key ID and the encrypted decryption key stored in the metadata of the cluster of encrypted data that the client system is requesting access to. In another embodiment, fetching the unique key ID and the encrypted decryption key may be achieved by initiating boot code embedded in the firmware of the client system. After receiving the unique key ID and the encrypted decryption key, the server searches the key ID database for a match. In response to finding a match, the server retrieves the symmetric key associated with the unique key ID, decrypts the encrypted decryption key using the symmetric key, and sends the decrypted decryption key to the client system.
  • By storing access keys at a server, remotely from the stored client data, and by implementing certain protocols for a client to obtain the access keys, it is possible to improve the security of the stored client data, as described herein.
  • Additional features and advantages will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the teachings herein. Features and advantages of the embodiments may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. Features of the embodiments will become more fully apparent from the following description and appended claims, or may be learned by the practice of the embodiments as set forth hereinafter.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • In order to describe the manner in which the above-recited and other advantages and features can be obtained, a more particular description of the subject matter briefly described above will be rendered by reference to specific embodiments which are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments and are not therefore to be considered to be limiting in scope, embodiments will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
    • Figure 1 illustrates a client-server environment in which client data is encrypted and the decryption keys are stored on a data server.
    • Figure 2 illustrates the client-server environment of Figure 1 in which the data server further backups the decryption key in a redundant storage.
    • Figure 3 illustrates one embodiment of a client-server environment, in which each cluster of encrypted data is associated with a key identifier (ID), and the key ID and the decryption key are stored in a server accessible key ID database.
    • Figure 4 illustrates the client system perspective of the client-server environment shown in Figure 3.
    • Figure 5 illustrates the server perspective of the client-server environment shown in Figure 3.
    • Figure 6 illustrates another embodiment of a client-server environment, in which the decryption key is further encrypted via an asymmetric key.
    • Figure 7 illustrates the client system perspective of the client-server environment shown in Figure 6.
    • Figure 8 illustrates the server perspective of the client-server environment shown in Figure 6.
    • Figure 9 illustrates another embodiment of a client-server environment, in which the decryption key is further encrypted via a symmetric cryptosystem.
    • Figure 10 illustrates the client system perspective of the client-server environment shown in Figure 9.
    • Figure 11 illustrates the server perspective of the client-server environment shown in Figure 9.
    DETAILED DESCRIPTION
  • Disclosed embodiments are directed towards systems and methods for improving security of stored data, by helping to keep encrypted client data tamper resistant, by encrypting data and by also maintaining the keys for decrypting/accessing the encrypted data separately from the encrypted data.
  • In some embodiments, a user encrypts a data set (sometimes referred to, herein, as a cluster of data) using an encryption key and associates the encrypted data with a unique key identifier. The client sends the unique key identifier and a corresponding decryption key to a server for storage. The client does not separately keep a copy of the decryption key at the client. Then, when a user needs to access the encrypted data, the client system obtains the decryption key from the server by following certain protocols. For instance, the client sends a communication request to the server and receives a communication response from the server. The client system then sends a request for boot code and receives the boot code from the server. The client also provides the unique key identifier to the server, which sometimes occurs during execution of the boot code. In response to providing the unique key identifier to the server, the client system receives the decryption key from the server and decrypts the cluster of encrypted data using the decryption key.
  • In another embodiment, after the client system encrypts the data, the client creates a unique key ID of the encrypted data. The unique key ID may comprise a certificate thumbprint. The decryption key is further encrypted using a public key. A corresponding private key configured to decrypt the encrypted decryption key is sent to the server, without being maintained/stored at the client. The client system stores the encrypted decryption key and the unique key ID as metadata. The private key and unique key ID are sent to and stored by the server or a system that is accessible to the server. When a user needs to access the encrypted data again, the client system sends a communication request to the server and receives a response from the server granting the request. The client then sends a request for boot code. After receiving boot code from the server, the client sends the unique key ID and the encrypted decryption key to the server. This triggers the server sending the decrypted decryption key to the client, such that the client is enabled to decrypt the cluster of encrypted data using the decrypted decryption key.
  • In yet another embodiment, the client stores a decryption key with the encrypted data, but not in a format that can be used by the client. In particular, the decryption key is encrypted until it is needed and it is only decrypted in response to the client following certain security protocols with a server that decrypts the decryption key. In this embodiment, the client system creates a unique key ID of encrypted data and sends the corresponding decryption key for decrypting the data to a server to be encrypted. The unique key ID may also be a certificate thumbprint. The server encrypts the decryption key using a symmetric key that is stored at the server. The client system receives the encrypted decryption key from the server and stores the encrypted decryption key along with the unique key ID in the cluster of data maintained at the client as metadata. When a user needs to access the cluster of data, the client system sends a communication request to the server and receives a response from the server granting the request. Then, the client system sends a request for boot code. During execution of the boot code, the client sends the unique key ID and the encrypted decryption key to the server. Next, the client receives the decrypted decryption key from the server, which is decrypted by the server with the symmetric key, and decrypts the encrypted data with the newly received/decrypted decryption key.
  • The disclosed embodiments for helping to keep encrypted client data tamper resistant may be implemented by a computing system, as described in the following disclosure, which includes one or more client and/or server systems.
  • Figure 1 illustrates one example of a client-server environment 100 that can be used to implement certain aspects of the invention. In this environment, client data sets (104, 108, 112, 114, 116, 118, 120, and 122) are encrypted and maintained by various client systems 102, 106, 110. Corresponding decryption keys for decrypting the data sets are maintained in a key database 126 that is stored on and/or accessible to a remote server 124.
  • Client systems 102, 106 and 110 and server 124 communicate over one or more network connections 128, using wired and/or wireless components and protocols. In some instances, the server 124 communicates with the client system(s) 102, 106 and 110 using the trivial file transfer protocol (TFTP) and/or Network Key Protector Unlock Protocol (NKPU).
  • The client data may be stored locally in any combination of one or more storage locations that are coupled to or accessible to the client system(s). For example, client system 102 includes storage 104, the client system 106 includes storage 108, and the client system 110 includes multiple storage containers/ locations 112, 114 and 116. The client data may also be stored in a remote network and/or distributed storage. For example, some of the data for client system 100 is stored in network storages 118, 120 and 122. There may be one or more client systems communicating with one or more servers. The ellipsis 110 represents that there may be one or more client systems in the client-server environment 100. There may also be one or more clusters of data stored in one or more cloud storages or storage coupled to or near the server. Each of the clusters of data may be accessible by one or more clients. The ellipsis 116 represents that each client system may include one or more data storages. The ellipsis 122 represents that each client system may have access to one or more network storages for storing the client data.
  • The client data, may be referred to herein as either `data,' one or more `data cluster(s)' and/or one or more `data set(s)'.
  • As mentioned previously, some data is stored in storage devices that are vulnerable to theft and/or corruption. For instance, a malicious insider (e.g., a janitor) can infect or remove a storage device from a client system. In another example, decommissioned storage devices (at the end of their life cycle) are sometimes discarded with sensitive data. These storage devices may be recycled, resold, or obtained by a malicious person.
  • Embodiments of the present invention can be used to help improve the security and protection of client data by encrypting the data (e.g., 104, 108, 112, 114, 116, 118, 120, or 122) and storing keys for accessing the data separately from the client. In some instances, the encrypted data is also associated with a unique ID. This unique ID may comprise data defining a date of creating, modifying or accessing the data. The unique ID can also be a randomly generated identifier. The client and server associate the unique ID with the cluster of data that is encrypted. The unique ID and the decryption key associated with the cluster of data are stored in a key ID database 126 that the server 124 has access to. The decryption key is not stored by the client (at least not in a format that can be used by the client). When a malicious person obtains access to the client storage device containing the encrypted data, they would not be able to obtain/use the decryption keys, because they are either maintained on the server and/or are stored in a format (encrypted format) that cannot be used without first accessing another key from the server. Thus, they would not be able to access the encrypted data.
  • One set of encryption/decryption key(s) may be used to encrypt a particular cluster of data. Each cluster of data may be classified in many different ways, including, but not limited to, classifying data based on a client's ID, a client's system's ID, a client's geographic location, a data storage's geographic location, a type of data, the sensitivity of the data.
  • There are also many ways to encrypt each cluster of data. Encryption is the process of converting ordinary information (plaintext) into unintelligible text (ciphertext). Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". The key is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. Ciphers may be used directly for encryption or decryption without additional procedures such as authentication or integrity checks. They also may be used to include sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.
  • There are two general kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication. Examples of asymmetric systems include, but are not limited to, RSA (Rivest-Shamir-Adleman), and EEC (Elliptic Curve Cryptography). Symmetric models include, but are not limited to, the commonly used AES (Advanced Encryption Standard).
  • Symmetric key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext as opposed to individual characters. Stream ciphers, in contrast, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. When symmetric algorithms are used, a same key is used for both encryption and decryption. Typically, in a symmetric cryptosystem, encryption keys are randomly generated. When asymmetric algorithms are used, different keys are used for encryption and decryption, such that a public key is used to encrypt the data, and a private key is used to decrypt the data.
  • The asymmetric cryptosystem is also called public key system. A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key cryptosystem, the public key is used for encryption, while the private or secret key is used for decryption.
  • Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed length hash, which can be used (for example) as a digital signature or unique identifier. For good hash functions, an attacker cannot find two messages that produce the same hash.
  • Additionally, public-key cryptosystems may be hybrid cryptosystems, in which a symmetric-key encryption algorithm or an asymmetric-key encryption algorithm is used for the data itself, while the relevant symmetric key or private key is further encrypted using a public-key algorithm or a symmetric-key algorithm. Similarly, hybrid signature schemes may be used, in which a cryptographic hash function is computed as a unique identifier associated with a decryption key that is used to decrypt the data, or used to decrypt the encrypted decryption key. The client-server system may also include another layer further authenticating a user's identity via the client system, or via the server.
  • Various combinations of the foregoing symmetric, asymmetric and hash systems are utilized in the disclosed embodiments for improving the security and protection of client data.
  • Figure 2 illustrates an example of a client-server system environment 200 on which the invention may be implemented. The computing system environment 200 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. Neither should the computing environment 200 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary operating environment 200.
  • The invention is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to: personal computers, server computers, handheld or laptop devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, computer controlled robots and manufacturing machines, distributed computing environments that include any of the above systems or devices, and the like.
  • The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, and so forth, which perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in local and/or remote computer storage media including memory storage devices.
  • With reference to Figure 2, an exemplary system for implementing the invention includes a client system 202, which may be a general purpose computing device in the form of a personal computer 202 (similar to a client system from Figure 1) and which may be configured to communicate with a server 216 (similar to the server of Figure 1) over a network connection 214 (similar to the network connections of Figure 1).
  • Components of the computer 202 may include, but are not limited to, one or more processors 204, a system memory 210, an input/output (I/O) interface 206, and a communication module 208. The I/O interface 206 may include but is not limited to a keyboard, a computer mouse, a touch screen, a monitor and printers. The communication module 208 may include but is not limited to modems, network cards, communication interfaces and so forth.
  • The system memory 210 stores the client data (often encrypted) and also includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS), containing the basic routines that help to transfer information between elements within computer 210, such as during start-up, is typically stored in ROM. RAM typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by the processors or processing unit 204.
  • The storage device 210 also includes computer-readable instructions for implemented the disclosed methods, corresponding data structures and other data for the client system 202.
  • A user may enter commands and information into the client system 202 through I/O interfaces 206, which may include input devices such as a touch screen, a microphone, a keyboard, a mouse, trackball and/or touch pad. Other input devices may include a joystick, game pad, satellite dish, scanner, motion sensors and the like. These and other input devices are often connected to the processing unit (including one or more processor 204) through a universal serial bus (USB).
  • The I/O interfaces 206 may also include output interfaces, such as a monitor or other type of display device, speakers, haptic feedback devices, and so forth.
  • In one embodiment, when a user of a client system 202 creates a cluster of data 212, the data 212 is encrypted using a predetermined cipher or key, and the encrypted data is then stored in storage 210. The decryption keys are sent to the server 216 to be stored in a key database 218 that the server has access to. In these embodiments, the client does not store the decryption keys. Alternatively, the client system 202 may further encrypt the decryption key (which is stored in an encrypted format at the client), then the decryption keys used to encrypt the decryption keys are sent to the server 216 to be stored in the key database 220, such that the decryption key at the client is inaccessible without first obtaining the decryption key from the server for decrypting the encrypted decryption key at the client.
  • The storage 210 may be a local storage that is included in the client system 202. The storage may also be a remote and/or distributed network storage that the client system 202 is able to access, as described above with respect to Figure 1. The key database 220 may be stored in an internal storage 218 of the server 216. The key database 220 may also be stored in an external storage device accessible to the server, 216 or a network storage that the server has access through network connections (not shown in the Figure).
  • The key database 220 may also be backed up in a redundant storage 222. The redundant storage 222 may be a local storage that is only accessible to the server. Alternatively, it may be a network storage that is accessible to one or more servers.
  • Figure 3 illustrates one embodiment of a client-server environment 300, in which each cluster of encrypted data 312 is associated with a separate key identifier (ID) 314. The key ID 314 and a corresponding decryption key 334, which is configured for decrypting the encrypted data 312, are stored in a key ID database 330 that the server 328 has access.
  • In some embodiments, the server 328 is a Preboot Execution Environment (PXE) server. In modern data centers, for example, PXE servers are a common choice for operating system booting, installation and deployment. The PXE is a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled client systems. On the client system side it requires a PXE-capable network interface controller (NIC), and uses a set of industry-standard network protocols such as Trivial File Transfer Protocol (TFTP).
  • TFTP is a lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. In TFTP, a transfer is initiated by the client issuing a request to read or write a particular file on the server. The request can optionally include a set of negotiated transfer parameters proposed by the client system. If the server grants the request, the file is sent by default or the number specified in the blocksize negotiated option. Both devices (client and server) involved in a transfer may be considered senders and receivers. For instance, one system sends data and receives acknowledgments, the other system also sends acknowledgements and receives data.
  • The initiating client system may send a service request to a server. The server replies with an acknowledgement. The client system sends data packets to the server, and the destination server replies with acknowledge packets for data packets. Even though TFTP normally may not include login or access control mechanisms, some disclosed embodiments include layering authentication, access control, confidentiality, and/or integrity checking above or below the layer at which TFTP runs.
  • In some instances, the PXE boot of a client system boot is initiated when a client sends a general request to a PXE server, i.e. a PXE discover request (316). The PXE server responds to the PXE discover with an acknowledgement (318). Then the client system sends a request for boot code via TFTP (320). In response to the request for boot code, the server initiates a boot manager including boot code (322), which may include the client system downloading the boot code using TFTP from the server to the client system's RAM. Then the boot manager is executed at the client to fetch the unique key ID (324). Finally, after the server receives and matches the unique key ID to a corresponding decryption key 334 at the server, the server provides the decryption key to the client (326).
  • Attention will now be directed to Figures 4 and 5, which illustrate corresponding methods for helping to keep encrypted client data tamper resistant, as presented from the client perspective (Figure 4) and the server perspective (Figure 5), and such as may be implemented by client 302 in the client-server environment 300 of Figure 3.
  • When a user of a client system 302 creates a cluster of data to be protected, the client system associates the cluster of data with a unique key ID (act 402), and stores the unique key ID in the cluster of data as metadata (act 404). The client system then encrypts the cluster of data using a predetermined cipher (act 406). The cryptosystem used for encrypting the data may be a symmetric system or an asymmetric system. When a symmetric system is used, the encryption key is the same as the decryption key, i.e. a symmetric key. When an asymmetric system is used, there will be a pair of different keys used to encrypt or decrypt the data. The key used to encrypt the data is usually distributed freely and called public key. The key used to decrypt the data is kept secret and called private key.
  • After encryption, the client system sends the unique key ID and the decryption key to the server for storage (act 408). The server 328 receives the key ID and the decryption key from the client system 302 (act 502) and stores it in a key ID database (act 504). The server 328 may also backup the key ID database in a redundant storage (act 506).
  • When a client system 302 needs to access the encrypted data, it initiates a system boot process (act 410), and sends a communication request to the server (act 412). The serve 328 receives the communication request from the client system 302 (act 508), and sends a communication response to the client system 302 as an acknowledgement (act 510).
  • Next, the client system 302 receives the communication response from the server 328 (act 414) and sends a request for boot code (act 416). The server 328 receives the request for boot code from the client system 302 (act 512) and initiates a boot manager (act 514). The boot code is received by and/or executed at the client system (act 418). When executed, the boot code reads the unique key ID associated with the encrypted data at the client system and sends the unique key ID to the server 328 (act 420).
  • When the server 302 receives the unique key ID (act 516), it searches the key ID database for a match (act 518). Upon finding a matching unique key ID (act 522), the server retrieves the decryption key associated with the matching unique key ID (act 524) and sends the decryption key to the client system 302 (act 526). Responsively, the client system 302 receives the decryption key from the server 328 (act 422), and decrypts the cluster of data using the decryption key (act 424).
  • If no match is found (act 528), the server 328 reaches out to a remote/redundant storage searching for a match (act 530). Then, if a match is found at the remote/redundant storage (act 534), the server obtains/restores the matching key ID and stores the decryption key in the key ID database (act 536). This can be beneficial when a key is inadvertently lost/inaccessible by the server. For instance, in some embodiments, there may be times when a key ID and/or its associated key(s) are erroneously deleted or corrupted and/or the server storage component that is storing the key ID crashes. In such circumstances, the servers may access the backup key ID database and retrieve the missing key ID and its key(s) and restore them back to the key ID database.
  • To facilitate the foregoing, some embodiments utilize a remote key ID database, separately from the server(s). There may also be many backup key ID databases stored in different redundant storages that are accessible by the server(s). Each of the servers may communicate with a client system separately. Or each of the servers may have access to an identical key ID database that is coupled to the server for faster communication. In such a case, when one server updates its key id database, the rest of the servers also updates the key id database accordingly. Each server's database may also be deemed as a redundant key ID storage for the other servers.
  • The disclosed embodiments also provide techniques for addressing anomalies. For instance, during each step of the communication protocol, described above, the server 328 may detect asset management anomalies (act 540). In response certain anomalies, the server may delete a key ID and/or its associated decryption key (act 542). For example, an anomaly may be detected/determined in response to the boot manager failing to successfully read the key associated with the unique key ID due to, for example, a storage device that is marked missing or de-commissioned. In another example, there may be a threshold number of failed attempts to access a cluster of encrypted data, such that no matching key ID can be found from the key ID database and/or the backup storage. This would also trigger the determination/detection of an anomaly.
  • With specific regard to the methods described in reference to Figures 3-5, the client's data is encrypted, no matter whether the data are stored locally or on a cloud storage, and the decryption key is stored separately (i.e., not stored locally with the cluster of data or in the client's system). Accordingly, even if a malicious person accesses a storage device or a computer containing the encrypted data, the data is inaccessible, because the decryption key is stored on a remote server and not ascertainable by the malicious person.
  • However, utilizing the protocols/methods described above, it is possible that a hacker could sniff out the data being transmitted back and forth between a client system and a server. Accordingly, to add another layer of security, some disclosed embodiments include further encrypting the decryption key by a random local key, sending the encrypted decryption key to the server, and storing the random local key in the cluster of encrypted data as metadata. This way, when a client system needs to access a cluster of encrypted data, the server will send out the encrypted decryption key, and after receiving the encrypted decryption key, the client system decrypts the encrypted decryption key using the random local key, then decrypt the cluster of data using the decrypted decryption key. In this case, a hacker may attempt to obtain an encrypted decryption key via hacking the network, which alone would not allow him to access the key or the encrypted data.
  • Attention will now be directed to Figures 6-8, which illustrate additional/altemative systems and methods for helping to keep encrypted client data tamper resistant, as presented from the client perspective (Figure 7) and the server perspective (Figure 8), and such as may be implemented by a client 602 in a client-server environment 600 of Figure 6.
  • As illustrated in Figure 6, a client system 602 is similar to the client system 302 of Figure 3, including at least a processor 604, a communication module 608, an I/O interface 606 and storage device 610 that stores a certificate/thumbprint 612, an encrypted decryption key 614 and encrypted data 616 that the encrypted decryption key (614, once decrypted) is configured to decrypt. The server 630 stores or has access to a key ID database 636 that stores the decryption key for decrypting the encrypted decryption key.
  • Similar to the server 328 in Figure 3, server 630 may also be a PXE server. In this environment, the client sends an initial discover request (618) that triggers a server response (620). Then, the client sends a request for boot code (622) that triggers the initiation of the boot manager (624). The client then sends a thumbprint and the encrypted decryption key to the server (626). After the server decrypts the encrypted decryption key (with a key at or accessible to the server) the server sends back the matching decryption key (628).
  • In this embodiment, the unique key identifier of the encrypted data may be a certificate thumbprint 612. A certificate thumbprint 612 is a string that uniquely identifies a cluster of data. A thumbprint may be a hash that is calculated from the content of the cluster of data using a thumbprint algorithm. The hash may be based off of any combination of the encrypted data, the encryption key, the unique ID, a client identifier and/or any other information stored at or associated with the client system. Each cluster of encrypted data is separately identified via a unique certificate thumbprint. In some instances, all data at the client is combined into a single cluster. In other embodiments, the client stores separate clusters of data that are each associated with a different unique ID and/or thumbprint.
  • In some embodiments, as referenced in Figures 7 and 8, the client system 602 encrypts the data using a pre-determined cryptography (act 702) and creates a certificate thumbprint of the cluster of the encrypted data (act 704). The client also encrypts the decryption key via an asymmetric cryptosystem (act 706). As explained above, in an asymmetric cryptosystem, there is a pair of different keys generated. A public key is used to encrypt the data, and a private key is used to decrypt the data. Here, the decryption key is further encrypted by a public key, and the private key interrelated to the public key is used to decrypt the encrypted decryption key.
  • The client system 602 then stores the encrypted decryption key and the certificate thumbprint in the cluster of encrypted data as metadata (act 708). The client then sends the certificate thumbprint and the private key that paired with the public key to a server 630 (act 710).
  • The server 630 receives the certificate thumbprint and the private key (act 802), and stores them in a key ID database (act 804). One difference between this embodiment, compared to the previous one (Figures 3-5), is that the server does not store the decryption key that is used to decrypt the cluster of data, but a private key (stored in the Key ID database, or that is otherwise accessible to the server) that is used to decrypt the encrypted decryption key (which is stored at the client).
  • In some embodiments, the server creates/stores a backup of the private key (which is stored in the server key ID database) in a redundant/remote storage (act 806).
  • Also, in some instances, since the boot manager repeatedly sends and receives the private keys and encrypted/decrypted decryption keys, it may use a different protocol than was previously used in Figures 3-6.
  • One of the protocols the boot manager may use is Network Key Protector Unlock Protocol (NKPU). NKPU enables a client system to send key material along with a session key as an encrypted package to a server and to receive the decrypted key material protected by the session key. A session key is a short-lived symmetric key used to encrypt or authenticate data sent in the NKPU protocol. For example, when the private key or encrypted/decrypted decryption keys are communicated between the client system and the server, NKPU protocol would further protect these keys with a session key. Therefore, even a successful hacker could only obtain an encrypted private key or encrypted decryption keys that are encrypted by a session key, which is insufficient to provide access to data.
  • When a client system 602 needs to access a cluster of data, the client system 602 initiates a boot process (act 712), and sends a communication request to the server (act 712). The server 630 receives the communication request from the client system 602 (act 808) and sends a communication response to the client system 602 (act 810). The client system 602 receives the communication response from the server (act 716) and sends a request for boot code (act 718).
  • The server 630 receives the request for boot code from the client system (act 812) and initiates a boot manager loading boot code (act 814). The client system 602 receives the boot code from the server 630 (act 720) and sends a certificate and the encrypted key to the server 630 (act 722). The server 630 receives the certificate thumbprint and the encrypted key of the cluster of data that the client system 602 requested to access (act 816) and searches the key ID database for a matching certificate thumbprint (act 818).
  • When the server 630 finds a matching certificate thumbprint (act 822), it retrieves the private key that is associated with the certificate thumbprint (act 824), and decrypts the encrypted key (act 826), and send the decrypted key back to the client system (act 828). The client system receives the decrypted key from the server (act 724) and decrypts the cluster of data using the decrypted key (act 726).
  • If no match is found between the certificate thumbprint and a key in the Key ID database (act 830), the server 630 reaches out to a remote/redundant storage searching for a match (act 832). Then, if a match is found in the remote/redundant storage (act 836), the server 630 obtains/stores/restores the matching certificate thumbprint and the private key to the key ID database (act 838).
  • During each step of this process, the server may detect asset management anomalies (act 840), as previously described in reference to Figure 5. Accordingly, in response to detecting anomalies, the server may delete a certificate thumbprint and the key associated with it (act 842).
  • As described before, there may be many servers that have access to a key ID database. There may also be many backup key ID databases stored in different redundant storages.
  • In this embodiment, since the decryption key is further encrypted, it can help solve both the malicious insider and snooping hacker problems. As mentioned earlier, in an asymmetric cryptography system, when a key-pair is created, the private key is kept privately and the public key can be accessed by anyone to send the key creator an encrypted message. Accordingly, an additional benefit of this embodiment is that the client system does not have to be in the network communicating with the server when the data is created and encrypted, because in an asymmetric cryptography system, the public key may have been distributed to the client system before the encryption of the cluster of the data, and the client system only needs the public key to encrypt the data.
  • Figures 9-11 illustrate other embodiments for providing tamper protection to client data. In these embodiments, a client system 902 communicates with a server 930 in a client-server environment 900. In this embodiment, the unique key ID of each cluster of encrypted data may comprise a certificate thumbprint. However, unlike the embodiment illustrated in Figures 6-8, the decryption key is further encrypted via a symmetric cryptosystem. Figure 10 illustrates a flowchart 1000 that describes a method implemented from the client system perspective. Figure 11 illustrates a flowchart 1100 that describes the method implemented from the server system perspective.
  • As shown in Figure 9, the client system 902 is similar to the client system 302 of Figure 3, including at least a processor 904, a communication module 908, I/O interface(s) 906 and a storage device 910 that stores a certificate/thumbprint 912, an encrypted decryption key 914 and encrypted data 916 that the encrypted decryption key (914, once decrypted) is configured to decrypt. The server 930 stores or has access to a key ID database 936 that stores the decryption key for decrypting the encrypted decryption key.
  • Similar to the server 328 in Figure 3, server 930 may be a PXE server. In this environment, the client sends an initial discover request (918) that triggers a server response (920). Then, the client sends a request for boot code (922) that triggers the initiation of the boot manager (924). The client then sends a thumbprint and the encrypted decryption key to the server (926). After the server decrypts the encrypted decryption key (with a key at or accessible to the server) the server sends back the matching decryption key (928).
  • This embodiment is similar to the previous embodiment (described in Figures 6- 8). However, rather than using asymmetric keys, this embodiment uses symmetric keys. A symmetric key used to encrypt the decryption key is normally generated randomly by the server. And the server encrypts the decryption key and sends the encrypted decryption key back to the client system. The benefit of using a symmetric cryptosystem is that it requires less computation, therefore, the encryption and decryption would take less time and computing power. However, since a symmetric key is randomly generated by a server, and the server encrypts the decryption key initially (rather than the client). Accordingly, the client system and the server system must be in communication when the encryption takes place, i.e. the client system must be connected to the network for communicating with the server when the data is encrypted.
  • Now, with respect to Figures 10-11, it is noted that when a user of a client system creates a cluster of data, the client system 902 encrypts the cluster of data (act 1002) and generates a certificate thumbprint of the cluster of encrypted data (act 1004). The client system 902 sends the certificate thumbprint) and the decryption key to the server 930 (act 1006).
  • The server 930 receives the certificate thumbprint and decryption key of the cluster of encrypted data from the client system 902 (act 1102) and encrypts the decryption key with a randomly generated symmetric key (act 1104). The server sends the encrypted decryption key back to the client system 902 (act 1006), which is received by the client system 902 (act 1008) and stored with the certificate thumbprint and the cluster of encrypted data, as metadata (act 1010). Meanwhile, the server 930 stores the certificate thumbprint and the symmetric key in the key ID database (act 1108).
  • In some instances, the server 930 may also backup the key ID data in a remote/redundant storage (act 1110).
  • When a client system 902 needs to access a cluster of encrypted data, it initiates a boot process (act 1012), and sends a communication request to the server (act 1014). The server 930 receives the communication request (act 1112) and sends a communication response to the client system (act 1114). The client system 902 receives the communication response from the server 930 (act 1016) and sends a request for boot code (act 1018).
  • The server 930 receives a request for boot code (act 1116) and initiates a boot manager loading the boot code (act 1118). The client system 902 receives boot code from the server 930 as the boot manager executes (act 1020) and sends the certificate thumbprint and the encrypted decryption key to the server 930 through the boot manager (act 1022).
  • The server 930 receives the certificate thumbprint and the encrypted decryption key from the client system 902 (act 1020) and searches the key ID database for a matching certificate thumbprint (act 1122).
  • When a match is found (act 1126), the server 930 retrieves the symmetric key associated with the certificate thumbprint (act 1128) and uses the symmetric key to decrypt the encrypted key (act 1130). Then, the server 930 sends the decrypted key back to the client system 902 (act 1132). When the client receives the decrypted key from the server 930 (act 1024), it decrypts the cluster of encrypted data using the decrypted key (act 1026).
  • If no match is found in the key ID database for a matching certificate thumbprint (act 1134), the server 930 reaches out to a remote/redundant storage, searching for a match (act 1136). Then, if a match is found in the remote/redundant storage (act 1140), the server 902 stores/restores the matching certificate thumbprint and the key used to encrypt the symmetric key back to the key ID database (act 1142).
  • Similar to Figures 5 and 8, during each step of the process, the server may detect asset management anomalies (act 1146). In response to certain anomalies, the server may delete a key ID and/or its associated encryption and/or decryption key (act 1148).
  • Similar to the previous embodiments, in this embodiment, since the decryption key is also further encrypted, it also solves both the malicious insider and network hacker problems. Theoretically, one benefit of this embodiment over the previous embodiment is that this embodiment may operate faster than the previous embodiment if the hardware's computation powers are the same, because a symmetric crypto algorithm generally requires less computing than an asymmetric crypto algorithm. For example, when a data center with a significant number of servers needs to reboot after a power outage, the data encrypted using a symmetric cryptosystem may be ready to be accessed faster than the data encrypted using an asymmetric cryptosystem, and less server processing time is required to support this.
  • In all the embodiments described in this disclosure, the server may assign a different cluster of data a different key based on a predetermined classification, including but not limited to geographic locations of the data, the user IDs, and the type of the data.
  • Also, in all the embodiments described in this disclosure, the cryptosystem used to encrypt the clusters of data may be a symmetric cryptosystem or an asymmetric cryptosystem. For faster computation, a symmetric cryptosystem may be preferred. For heightened security protection, an asymmetric cryptosystem may be preferred.
  • Furthermore, additional authentications may be implemented as an additional layer before or after each of the disclosed embodiments to achieve an even higher level of security. Additional authentications may include but are not limited to requiring the server to trigger an approval request via Short Message Service (SMS), email, etc. based on configurable policy or metadata that is tied to the key ID.
  • Also, in all the embodiments described in this disclosure, the unique key IDs may be randomly generated, and/or may include certificate thumbprint. The unique key IDs may also be generated using any digital certification or signature function that is capable of generating a unique certification or signature.
  • Further, in all the embodiments described in this disclosure, sending and fetching the unique key ID and/or encrypted decryption key between a client system and a server may be achieved via different implementations, including but not limited to a boot manager initiated at the server, and/or boot code embedded in the BIOS or other firmware of the client system.
  • Moreover, unless a feature is described as requiring another feature in combination therewith, any feature herein may be combined with any other feature of a same or different embodiment disclosed herein. Furthermore, various well-known aspects of illustrative systems, methods, apparatus, and the like are not described herein in particular detail in order to avoid obscuring aspects of the example embodiments. Such aspects are, however, also contemplated herein.
  • The present invention may be embodied in other specific forms without departing from its characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of the claims are to be embraced within their scope.

Claims (15)

  1. A client computing system (602) for keeping encrypted data tamper resistant, comprising:
    one or more processors (604); and
    one or more storage media having stored computer-executable instructions that are executable by the one or more processors for implementing a method for keeping encrypted data tamper resistant, the method comprising:
    associating a cluster of data (212) with a unique key identifier;
    encrypting the cluster of data using an encryption key;
    sending the unique key identifier and a decryption key to a server (630) that has access to a key ID database that stores the unique key identifier and the decryption key, wherein the decryption key is interrelated to the encryption key and configured to decrypt the cluster of data that is encrypted using the encryption key;
    storing the unique key identifier in the cluster of encrypted data as metadata without storing the encryption key;
    initiating boot of a client system;
    sending a communication request to a server that has access to the key ID database;
    receiving a communication response from the server;
    sending the unique key identifier to the server;
    receiving a decryption key from the server; and
    decrypting the cluster of encrypted data using the decryption key.
  2. The computing system of claim 1, wherein the encryption key and the decryption key are a symmetric key.
  3. The computing system of claim 1, wherein the server is a Pre-boot Execution Environment, PXE, server, wherein the communication request is a PXE discover, and wherein the communication response is a response to the PXE discover.
  4. The computing system of claim 1, wherein the request for boot code is a request for boot code via Trivial File Transfer Protocol, TFTP.
  5. A method implemented by a client system (602) for keeping encrypted data tamper resistant, comprising:
    associating (402) a cluster of data with a unique key identifier;
    encrypting (406) the cluster of data using an encryption key;
    sending (408) the unique key identifier and a decryption key to a server that has access to a key ID database that stores the unique key identifier and the decryption key, wherein the decryption key is interrelated to the encryption key and configured to decrypt the cluster of data that is encrypted using the encryption key;
    storing (404) the unique key identifier in the cluster of encrypted data as metadata without storing the encryption key;
    initiating (410) boot of a client system;
    sending (412) a communication request to a server (630) that has access to the key ID database;
    receiving (414) a communication response from the server;
    sending (420) the unique key identifier to the server;
    receiving (422) a decryption key from the server; and
    decrypting (424) the cluster of encrypted data using the decryption key.
  6. The method of claim 5, wherein the encryption key and the decryption key are a symmetric key.
  7. The method of claim 5, wherein the server is a Pre-boot Execution Environment, PXE, server, wherein the communication request is a PXE discover, and wherein the communication response is a response to the PXE discover.
  8. The method of claim 5, wherein the request for boot code is a request for boot code via Trivial File Transfer Protocol, TFTP.
  9. A method implemented by a server (630) for managing access to encrypted data at a client system, comprising:
    receiving (502) a unique key identifier and a decryption key that is configured for decrypting a cluster of data from a client system that has access to the cluster of data, wherein the decryption key is interrelated to an encryption key with which the cluster of data has been encrypted;
    storing (504) the unique key identifier and the decryption key of the cluster of data in a key ID database coupled to a server;
    receiving (508) a communication request from a client system;
    sending (510) a communication response to the client system;
    obtaining (516) the unique key identifier stored in a cluster of encrypted data that a client system requests to access, and searching (518, 528) the key ID database for a match;
    in response to finding a match, retrieving (524) a decryption key associated with the key identifier; and
    sending (526) the decryption key to the client system, wherein the decryption key is configured for decrypting the cluster of encrypted data.
  10. The method of claim 9, wherein the encryption key and the decryption key are a same symmetric key.
  11. The method of claim 9, wherein the server is a PXE server, wherein the communication request is a PXE discover, and wherein the communication response is a response to the PXE discover.
  12. The method of claim 9, wherein the request for boot code is a request for boot code via TFTP.
  13. The method of claim 9, further comprising:
    detecting asset management anomalies; and
    in response to an asset management anomaly, deleting the decryption key from the key ID database.
  14. The method of claim 9, further comprising backing up the key ID database in a redundant storage.
  15. The method of claim 14, further comprising:
    in response to failing to find a match in the key ID database, accessing the backup key ID database in the redundant storage looking for a match unique key identifier; and
    upon finding a match in the backup key ID database in the redundant storage, restoring the matching unique key identifier and the decryption key to the key ID database of the server.
EP18733440.4A 2017-06-30 2018-05-31 Theft and tamper resistant data protection Active EP3646173B1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/639,698 US10200194B2 (en) 2017-06-30 2017-06-30 Theft and tamper resistant data protection
US15/639,613 US10204241B2 (en) 2017-06-30 2017-06-30 Theft and tamper resistant data protection
PCT/US2018/035442 WO2019005417A1 (en) 2017-06-30 2018-05-31 Theft and tamper resistant data protection

Publications (2)

Publication Number Publication Date
EP3646173A1 EP3646173A1 (en) 2020-05-06
EP3646173B1 true EP3646173B1 (en) 2023-05-10

Family

ID=64738088

Family Applications (1)

Application Number Title Priority Date Filing Date
EP18733440.4A Active EP3646173B1 (en) 2017-06-30 2018-05-31 Theft and tamper resistant data protection

Country Status (4)

Country Link
US (2) US10204241B2 (en)
EP (1) EP3646173B1 (en)
CN (2) CN117040840A (en)
WO (1) WO2019005417A1 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9948625B2 (en) * 2015-01-07 2018-04-17 Cyph, Inc. Encrypted group communication method
US10728026B2 (en) * 2016-11-24 2020-07-28 Samsung Electronics Co., Ltd. Data management method
WO2019065599A1 (en) * 2017-09-28 2019-04-04 京セラ株式会社 Facility management system and facility management method
US10972445B2 (en) * 2017-11-01 2021-04-06 Citrix Systems, Inc. Dynamic crypto key management for mobility in a cloud environment
US11120137B2 (en) 2018-06-19 2021-09-14 Netgear, Inc. Secure transfer of registered network access devices
CN109873801B (en) * 2018-12-12 2020-07-24 阿里巴巴集团控股有限公司 Method, device, storage medium and computing equipment for establishing trusted channel between user and trusted computing cluster
CN109861980B (en) 2018-12-29 2020-08-04 阿里巴巴集团控股有限公司 Method, device, storage medium and computing equipment for establishing trusted computing cluster
US11095628B2 (en) 2019-01-24 2021-08-17 Dell Products L.P. Device locking key management system
KR20210107386A (en) * 2020-02-24 2021-09-01 삼성전자주식회사 Electronic apparatus and method for controlling thereof
US11354398B2 (en) 2020-03-02 2022-06-07 Seagate Technology Llc Off-cartridge encryption key storage for cartridge-based library
US11843692B2 (en) * 2020-03-02 2023-12-12 Seagate Technology Llc On-cartridge encryption key storage for cartridge-based library
JP7074926B1 (en) * 2020-04-01 2022-05-24 グーグル エルエルシー Systems and methods for encrypting content request data
CN111711619A (en) * 2020-06-04 2020-09-25 江苏荣泽信息科技股份有限公司 Block chain-based network security connection system
CN111769939B (en) * 2020-06-29 2021-02-09 北京海泰方圆科技股份有限公司 Business system access method and device, storage medium and electronic equipment
WO2022029340A1 (en) 2020-08-07 2022-02-10 Softiron Limited Current monitor for security
CN112165381B (en) * 2020-08-18 2023-12-05 远景智能国际私人投资有限公司 Key management system and method
US12019528B2 (en) 2020-08-25 2024-06-25 Softiron Limited Centralized server management for shadow nodes
US11777938B2 (en) 2020-09-24 2023-10-03 Microsoft Technology Licensing, Llc Gatekeeper resource to protect cloud resources against rogue insider attacks
CN112131564B (en) * 2020-09-30 2024-08-20 腾讯科技(深圳)有限公司 Method, device, equipment and medium for encrypting data communication
US11588848B2 (en) * 2021-01-05 2023-02-21 Bank Of America Corporation System and method for suspending a computing device suspected of being infected by a malicious code using a kill switch button
CN113162974B (en) * 2021-03-03 2023-04-07 北京中安星云软件技术有限公司 Method and system for realizing dynamic encryption and decryption of database based on TCP (Transmission control protocol) proxy
CN113010914B (en) * 2021-03-05 2024-09-10 华洋通信科技股份有限公司 Distributed privacy protection method for browser Cookies
US11907375B2 (en) * 2021-04-13 2024-02-20 Hewlett Packard Enterprise Development Lp System and method for signing and interlocking a boot information file to a host computing system
US12047502B2 (en) * 2021-05-05 2024-07-23 Verizon Patent And Licensing Inc. Systems and methods for backing up a hardware key
US11425152B2 (en) * 2021-05-11 2022-08-23 Asna Suhail Zaman Physical and network security system and mehtods
CN113360923A (en) * 2021-06-03 2021-09-07 北京融数联智科技有限公司 Data interaction method, device and system and electronic equipment
WO2022253693A1 (en) * 2021-06-04 2022-12-08 Softiron Limited Detection and remediation of unauthorized boot of storage media
US20240104027A1 (en) * 2022-09-26 2024-03-28 Intel Corporation Temporal information leakage protection mechanism for cryptographic computing
CN116305194B (en) * 2023-02-15 2023-11-17 中国科学院空天信息创新研究院 Asymmetric encryption and decryption method and system for sustainable information disclosure data
CN116233767B (en) * 2023-03-20 2024-04-30 中国联合网络通信集团有限公司 Cluster intercom communication method, device, equipment and storage medium

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7581118B2 (en) 2004-12-14 2009-08-25 Netapp, Inc. Disk sanitization using encryption
US20070237325A1 (en) 2006-02-01 2007-10-11 Gershowitz Michael N Method and apparatus to improve security of cryptographic systems
US9002018B2 (en) * 2006-05-09 2015-04-07 Sync Up Technologies Corporation Encryption key exchange system and method
US20080082680A1 (en) * 2006-09-29 2008-04-03 Karanvir Grewal Method for provisioning of credentials and software images in secure network environments
US8548956B2 (en) * 2008-02-28 2013-10-01 Mcafee, Inc. Automated computing appliance cloning or migration
GB2477774A (en) 2010-02-12 2011-08-17 Icera Inc Overriding production processor authentication restrictions through remote security unit for development code testing
US8631460B2 (en) 2011-03-23 2014-01-14 CipherPoint Software, Inc. Systems and methods for implementing transparent encryption
US9330245B2 (en) 2011-12-01 2016-05-03 Dashlane SAS Cloud-based data backup and sync with secure local storage of access keys
US8639928B2 (en) 2011-12-05 2014-01-28 Certicom Corp. System and method for mounting encrypted data based on availability of a key on a network
US9367702B2 (en) * 2013-03-12 2016-06-14 Commvault Systems, Inc. Automatic file encryption
US9871653B2 (en) * 2013-07-18 2018-01-16 Cisco Technology, Inc. System for cryptographic key sharing among networked key servers
US9178699B2 (en) * 2013-11-06 2015-11-03 Blackberry Limited Public key encryption algorithms for hard lock file encryption
GB2533098B (en) 2014-12-09 2016-12-14 Ibm Automated management of confidential data in cloud environments
WO2016100095A1 (en) * 2014-12-15 2016-06-23 Good Technology Corporation Secure storage
US9558374B2 (en) 2015-01-14 2017-01-31 Netapp, Inc. Methods and systems for securing stored information
US9762548B2 (en) * 2015-03-13 2017-09-12 Western Digital Technologies, Inc. Controlling encrypted data stored on a remote storage device
US10389693B2 (en) * 2016-08-23 2019-08-20 Hewlett Packard Enterprise Development Lp Keys for encrypted disk partitions
US9646172B1 (en) 2016-11-15 2017-05-09 Envieta Systems LLC Data storage system for securely storing data records
US10855464B2 (en) * 2016-11-23 2020-12-01 Vmware, Inc. Methods and apparatus to manage credentials in hyper-converged infrastructures

Also Published As

Publication number Publication date
CN110799941B (en) 2023-08-22
US10200194B2 (en) 2019-02-05
CN110799941A (en) 2020-02-14
US20190007204A1 (en) 2019-01-03
US20190005274A1 (en) 2019-01-03
EP3646173A1 (en) 2020-05-06
CN117040840A (en) 2023-11-10
WO2019005417A1 (en) 2019-01-03
US10204241B2 (en) 2019-02-12

Similar Documents

Publication Publication Date Title
EP3646173B1 (en) Theft and tamper resistant data protection
EP3446435B1 (en) Key-attestation-contingent certificate issuance
US10367834B2 (en) Systems and methods for implementing intrusion prevention
US9699150B2 (en) System and method for secure cloud computing
CN111324895B (en) Trust services for client devices
JP4219965B2 (en) One-time ID authentication
US10423791B2 (en) Enabling offline restart of shielded virtual machines using key caching
JP5564453B2 (en) Information processing system and information processing method
US9961048B2 (en) System and associated software for providing advanced data protections in a defense-in-depth system by integrating multi-factor authentication with cryptographic offloading
CN106790045B (en) distributed virtual machine agent device based on cloud environment and data integrity guarantee method
US20080320554A1 (en) Secure data storage and retrieval incorporating human participation
US8667278B2 (en) Information processing apparatus and data transmission method of information processing apparatus
US20230396612A1 (en) Authentication system for a multiuser device
US11811915B1 (en) Stateless system to protect data
US11818109B1 (en) Secure synchronization of data
US11831759B1 (en) Optimized authentication system for a multiuser device
US11848945B1 (en) Stateless system to enable data breach
US20240070294A1 (en) Secure synchronization of data
US20240073015A1 (en) Stateless system to restore access
EP1944942A1 (en) Method for checking the running configuration of a network equipment and network equipment
CN117494104A (en) 3 DES-based password management method, system, equipment and medium
Boström Transparent and secure remote network storage system using an untrusted server

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20191125

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
RAP3 Party data changed (applicant data changed or rights of an application transferred)

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20211118

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602018049598

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0009440100

Ipc: H04L0009400000

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 9/4401 20180101ALI20221129BHEP

Ipc: H04L 9/32 20060101ALI20221129BHEP

Ipc: H04W 12/10 20090101ALI20221129BHEP

Ipc: H04L 9/14 20060101ALI20221129BHEP

Ipc: H04L 9/08 20060101ALI20221129BHEP

Ipc: G06F 21/72 20130101ALI20221129BHEP

Ipc: G06F 21/57 20130101ALI20221129BHEP

Ipc: G06F 21/62 20130101ALI20221129BHEP

Ipc: H04L 9/40 20220101AFI20221129BHEP

INTG Intention to grant announced

Effective date: 20230103

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 1567819

Country of ref document: AT

Kind code of ref document: T

Effective date: 20230515

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602018049598

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230505

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG9D

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20230510

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1567819

Country of ref document: AT

Kind code of ref document: T

Effective date: 20230510

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230911

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230810

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230910

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230811

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20230531

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602018049598

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

26N No opposition filed

Effective date: 20240213

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20230510

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20230531

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240419

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20240418

Year of fee payment: 7

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20240418

Year of fee payment: 7